@@ -306,6 +306,17 @@ CloseHandle(hSnapshot);
306306
307307void PIDinspect (DWORD pid) { // ooh guys look i'm in the void
308308 HANDLE hProcess = OpenProcess (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ , FALSE , pid);
309+ // The above little handle opener is currently a somwehat "agressive" flag, since it
310+ // Requests read access directly to the process' actual memory. This can get us rejected if called
311+ // on a very high privilege process, such as lsass.exe This means that we can't read the memory
312+ // even WITH SeDebugPrivilege enabled. Windows doesn't want ya sneaking around in that!
313+ // So for that reason, I've added a fallback that only requests limited memory access,
314+ // which should hopefully allow us to read some informatoin about hte process
315+ if (!hProcess && GetLastError () == ERROR_ACCESS_DENIED ) {
316+ // This lets us know if the error was denied specifically for access reasons. THis will initiate our little fallback.
317+ hProcess = OpenProcess (PROCESS_QUERY_LIMITED_INFORMATION , FALSE , pid); // poor little guy getting limited of his full power
318+ // This has been tested and it does let us get info about lsass.exe and even System! Woohoo!
319+ }
309320 if (!hProcess) {
310321 if (IsVirtualTerminalModeEnabled ()) {
311322 std::cerr << " \033 [1;31mError:\033 [0m Could not open process with PID "
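Review bot: once the fallback OpenProcess succeeds, hProcess is reassigned a handle that carries only PROCESS_QUERY_LIMITED_INFORMATION and no PROCESS_VM_READ, but nothing records that, so any later code in PIDinspect that reads the target's memory (ReadProcessMemory, EnumProcessModules, GetModuleBaseName and similar) will fail on exactly the processes the fallback was added for. Keep a flag such as `bool limitedAccess = false;` that the fallback branch sets to true, and have the memory-dependent steps check it and report "limited information only" instead of a read error. The comment block also needs two corrections: PROCESS_QUERY_LIMITED_INFORMATION grants no memory access at all, so it is not "limited memory access", and the claim that lsass.exe cannot be opened for reading "even WITH SeDebugPrivilege" holds only when the target is a protected process (for example with LSA protection enabled); with SeDebugPrivilege held and no protection, the first OpenProcess succeeds. Say that the fallback exists for protected processes, and fix the typos ("somwehat", "agressive", "informatoin", "hte", "THis").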